Commit Graph

9 Commits

Author SHA1 Message Date
Brad Fitzpatrick 4f0f4bb614 revdial/v2: add new simpler, non-multiplexing revdial implementation
The old revdial has a simple multiplexing protocol that was like
HTTP/2 but without flow control, etc. But it was too simple (no flow
control) and too complex. Instead, just use one TCP connection per
reverse dialed connection. For now, the NAT'ed machine needs to go
re-connect for each incoming connection, but in practice that's just
once.

The old implementation is retained for now until all the buildlets are
updated.

Updates golang/go#31639

Change-Id: Id94c98d2949e695b677531b1221a827573543085
Reviewed-on: https://go-review.googlesource.com/c/build/+/174082
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
2019-04-29 17:41:24 +00:00
Brad Fitzpatrick 73f88a6d4c all: add README.md files where missing, and tool to keep them updated
Change-Id: I385171c415bf168c04c6c3a7a996bff88964af84
Reviewed-on: https://go-review.googlesource.com/52856
Reviewed-by: Andrew Bonventre <andybons@golang.org>
2017-08-02 22:17:52 +00:00
Brad Fitzpatrick 4eceee2d0f cmd/coordinator, cmd/buildlet, cmd/gomote: add SSH support
This adds an SSH server to farmer.golang.org on port 2222 that proxies
SSH connections to users' gomote-created buildlet instances.

For example:

    $ gomote create openbsd-amd64-60
    user-bradfitz-openbsd-amd64-60-1

    $ gomote ssh user-bradfitz-openbsd-amd64-60-1
    Warning: Permanently added '[localhost]:33351' (ECDSA) to the list of known hosts.
    OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016

    Welcome to OpenBSD: The proactively secure Unix-like operating system.

    Please use the sendbug(1) utility to report bugs in the system.
    Before reporting a bug, please try to reproduce it with the latest
    version of the code.  With bug reports, please try to ensure that
    enough information to reproduce the problem is enclosed, and if a
    known fix for it exists, include that as well.

    $

As before, if the coordinator process is restarted (or crashes, is
evicted, etc), all gomote instances die.

Not yet supported:

* scp (help wanted)
* not all host types are configured. most are. some will need slight
  config tweaks to the Docker image (e.g. adding openssh-server)

Supports currently:

* linux-amd64 (host type shared by 386, nacl)
* linux-arm
* linux-arm64
* darwin
* freebsd
* openbsd
* plan9-386
* windows

Implementation details:

* the ssh server process listens on port 2222 in the coordinator
  (farmer.golang.org), which is behind a GKE TCP load balancer.

* the ssh server library is github.com/gliderlabs/ssh

* authentication is done via Github users' public keys. It's assumed
  that gomote user == github user. But there's a mapping in the code
  for known exceptions.

* we can't give out access to this too widely. too many things are
  accessible from within the host environment if you look in the right
  places. Details omitted. But the Go team and other trusted gomote
  users can use this.

* the buildlet binary has a new /connect-ssh handler that acts like a
  CONNECT request but instead of taking an explicit host:port, just
  says "give me your machine's SSH connection". The buildlet can also
  start sshd if needed for the environment. The /connect-ssh handler
  also installs the coordinator's public key.

* a new buildlet client library method "ConnectSSH" hits the /connect-ssh
  handler and returns a net.Conn.

* the coordinator's ssh.Handler is just running the OpenSSH ssh client.

* because the OpenSSH ssh child process can't connect to a net.Conn,
  an ephemeral localhost port is created on the coordinator to proxy
  between the ssh client and the net.Conn returned by ConnectSSH.

* The /connect-ssh handler requires http.Hijacker, which requires
  fully compliant net.Conn implementations as of Go 1.8. So I needed
  to flesh out revdial too, testing it with the
  golang.org/x/net/nettest package.

* plan9 doesn't have an ssh server, so we use 0intro's new conterm
  program (drawterm without GUI support) to connect to plan9 from the
  coordinator ssh proxy instead of using the OpenSSH ssh client
  binary.

* windows doesn't have an ssh server, so we enable the telnet service
  and the coordinator ssh proxy uses telnet instead on the backend
  on the private network. (There is a Windows ssh server but only in
  new versions.)

Happy debugging over ssh!

Fixes golang/go#19956

Change-Id: I80a62064c5f85af1f195f980c862ba29af4015f0
Reviewed-on: https://go-review.googlesource.com/50750
Reviewed-by: Herbie Ong <herbie@google.com>
Reviewed-by: Jessie Frazelle <me@jessfraz.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-07-28 18:21:11 +00:00
Brad Fitzpatrick 20b85ed4fc all: add linux-arm64-packet builders
The server has 96 cores and 128 GB of RAM, so run 20 builders on it.

This adds the Dockerfile each builder runs in, and the machinery to
run 20 copies of the Docker container.

Also reduce some logspam in the buildlet's shutdown.

(The dashboard/builders.go entry for this builder was added previously
 in https://golang.org/cl/39851)

Fixes golang/go#19929

Change-Id: I8537eee52c002dc9efcadcfb7e78b3a5db07ae44
Reviewed-on: https://go-review.googlesource.com/40392
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2017-04-11 23:39:43 +00:00
Brad Fitzpatrick 667d180de2 revdial: fix ABBA deadlock
Fixes golang/go#12816

Change-Id: I0fade5937a138459fbdeb00695c07028c6b8060b
Reviewed-on: https://go-review.googlesource.com/15530
Reviewed-by: Ian Lance Taylor <iant@golang.org>
2015-10-07 20:17:31 +00:00
Brad Fitzpatrick 72f3eae620 revdial, cmd/coordinator: notice when buildlet TCP conns go away immediately
Previously it wasn't noticing their death until the next health check.

Take advantage of the fact that the revdial is always blocked in a Read, so it
will see a TCP shutdown in the case of normal shutdowns. (health checks
will still catch disappearing machines)

Change-Id: I9a7f60a38b3acaf02057b2da9e0cbc91d328f651
Reviewed-on: https://go-review.googlesource.com/14736
Reviewed-by: Andrew Gerrand <adg@golang.org>
2015-09-18 02:03:18 +00:00
Brad Fitzpatrick 30d52a20ad revdial: fix Lock-after-Lock bug, where server EOF wouldn't unblock conns
If the server's conn stopped reading, we acquired a Lock twice
(blocking forever) and never killed all the active connections on it.

Add test.

Probably fixes golang/go#12666

Change-Id: I4ff670a55e8d92e6e2ebe14a94137d6f15f3768e
Reviewed-on: https://go-review.googlesource.com/14700
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-09-17 20:03:31 +00:00
Brad Fitzpatrick 8d3449a70f revdial: docs
Change-Id: I1b948a83503689979bec1a9ee7982c4107e7e6e1
Reviewed-on: https://go-review.googlesource.com/14589
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-09-16 04:05:10 +00:00
Brad Fitzpatrick 1f0d8f287c all: tons of builder work
* reverse buildlet rework (multiplexed TCP connections, instead
  of a hacky reverse roundtripper)

* scaleway ARM image improvements

* parallel gzip implementation, which makes things ~8x faster on
  Scaleway.

* merge watcher into the coordinator, for easier deployments

Change-Id: I55d769f982e6583b261435309faa1f718a15fde1
Reviewed-on: https://go-review.googlesource.com/12665
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2015-09-15 08:28:33 +00:00